From: Jason Ish <jason.ish@oisf.net>
Date: Wed, 28 Jun 2023 17:08:22 +0000 (-0600)
Subject: test: pcap-log with lz4 write to non-writable directory
X-Git-Tag: suricata-7.0.0~29
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F1271%2Fhead;p=thirdparty%2Fsuricata-verify.git

test: pcap-log with lz4 write to non-writable directory

Ticket: #5022
---

diff --git a/tests/pcap-log-lz4-write/README.md b/tests/pcap-log-lz4-write/README.md
new file mode 100644
index 000000000..cd7ad83f6
--- /dev/null
+++ b/tests/pcap-log-lz4-write/README.md
@@ -0,0 +1,6 @@
+Test that Suricata will not crash if pcap-log is enabled with LZ4
+compression and a non-writable pcap-log directory.
+
+## Issue
+
+https://redmine.openinfosecfoundation.org/issues/5022
diff --git a/tests/pcap-log-lz4-write/suricata.yaml b/tests/pcap-log-lz4-write/suricata.yaml
new file mode 100644
index 000000000..0a0204483
--- /dev/null
+++ b/tests/pcap-log-lz4-write/suricata.yaml
@@ -0,0 +1,21 @@
+%YAML 1.1
+---
+
+outputs:
+  - pcap-log:
+      enabled: yes
+      filename: log.pcap
+      compression: lz4
+      mode: normal
+      dir: pcap-log
+
+# Enable enging logging to JSON so we can verify it.
+logging:
+  outputs:
+    - console:
+        enabled: yes
+    - file:
+        enabled: yes
+        level: info
+        filename: eve.json
+        type: json
diff --git a/tests/pcap-log-lz4-write/test.yaml b/tests/pcap-log-lz4-write/test.yaml
new file mode 100644
index 000000000..086223301
--- /dev/null
+++ b/tests/pcap-log-lz4-write/test.yaml
@@ -0,0 +1,22 @@
+requires:
+  features:
+    - liblz4
+
+skip:
+  - uid: 0
+    msg: "Test requires non-root user"
+
+setup:
+  # Create a pcap-log directory without write permission
+  - script: |
+      rm -rf pcap-log
+      mkdir pcap-log
+      chmod 555 pcap-log
+      
+pcap: ../alert-testmyids/input.pcap
+
+checks:
+  - filter:
+      count: 1
+      match:
+        engine.message: "Error opening file for compressed output: Permission denied"